New Features: September 2018

The following topics provide a snapshot of the AutoFocus™ features introduced in September 2018. Each section includes context for the new feature, with steps to get started.
September AutoFocus Features
About Each Feature
New Widgets to Visualize Top Tags
AutoFocus is introducing two new dashboard and report widgets to help users visualize recent sessions and samples. The contents of the widgets are based on the filter settings and can be updated to suit your reporting requirements. You can add these new widgets to AutoFocus by customizing your Dashboard or Reports.
  1. To customize your AutoFocus widget layout and contents:
    • Dashboard—Go to the Dashboard and click Edit Page.
    • Reports—Go to Reports, Run the report you want to add the new widgets to, then click Edit page.
  2. Add Row and then Add Widget based on your dashboard layout preferences. Add the new widgets labeled Top Actors Tags and Top Exploit Tags to your dashboard.
  3. When you are finished making your dashboard changes, click Editing. If you would like to restore the dashboard settings, click Reset.
  4. The new dashboard widgets display the following information:
    You can use the filters located at the top of the report and dashboard pages to define the content shown in the widgets.
  • Top Actors Tags—Displays a list of actor tags based on the dashboard or report time range settings. You can further customize the widget by changing the sample display settings.
  • Top Exploits Tags—Displays a list of exploit tags based on the dashboard or report time range settings. You can further customize the widget by changing the sample display settings.
Recent Research Widget Improvements
The AutoFocus™ recent research widget has been improved to show additional blog entries as well as the related AutoFocus tags.
Hover over a tag to reveal additional details and actions you can take on the specified tag.
Support for WildFire Sample Removal Requests
Users who submit unique samples to the WildFire cloud for analysis can issue a request for removal. Sample data includes session / upload data and the sample file itself. Samples that have been successfully removed from the WildFire cloud are now also removed from AutoFocus.
The AutoFocus cloud service does not retain sample files; as a result, only session data is deleted when a request for sample removal is completed in WildFire. Remnant sample metadata will continue to be available in searches.
Support for Samples that have Undergone Dynamic Unpacking
AutoFocus™ now allows you to leverage analysis data from files that have undergone WildFire® analysis using dynamic unpacking. Dynamic unpacking is a cloud-only environment that unpacks and deobfuscates files that have been encoded using custom and open source file compression or packing tools. This provides improved coverage by analyzing files that might previously have been dropped as a result of code obfuscation.
The nested analysis report section has tabs for the environments used to analyze a file. Selecting the Dynamic Unpacking tab displays the sample’s observed behavior and lists each activity the sample performed when executed in the WildFire cloud.
  1. Start an AutoFocus search to view a list of samples.
  2. Click a sample to view detailed analysis information about the file.
  3. If a sample was analyzed using dynamic unpacking, a tab labeled Dynamic Unpacking is shown as one of the analysis environments. The subheadings show the analysis details associated with the new environment. You can expand any of the subsections for additional information.
